Debdiff for CVE-2007-1253 for blender in edgy

Bug #99062 reported by Michael Bienia on 2007-03-30
2
Affects Status Importance Assigned to Milestone
blender (Ubuntu)
Undecided
Unassigned
Breezy
Undecided
Unassigned
Dapper
Undecided
Unassigned
Edgy
Undecided
Kees Cook
Feisty
Undecided
Unassigned

Bug Description

Binary package hint: blender

Here is a debdiff for blender 2.42a-1ubuntu1.1 targeting edgy-security.

This is the same fix for blender as in Debian unstable and testing: remove the affected script (it's gone in blender 2.43).

CVE References

Michael Bienia (geser) wrote :
Kees Cook (kees) wrote :

Is this fixed in feisty? Is removing that script the right way to solve the problem?

Kees Cook (kees) wrote :
Changed in blender:
status: Unconfirmed → Fix Released
status: Fix Released → Rejected
Kees Cook (kees) wrote :

Building now! Thanks for the debdiff. :)

Changed in blender:
assignee: nobody → keescook
status: Unconfirmed → Fix Committed
status: Fix Released → Rejected
Kees Cook (kees) wrote :

Script does not exist in Breezy or Dapper either.

Changed in blender:
status: Unconfirmed → Rejected
status: Unconfirmed → Rejected
Michael Bienia (geser) wrote :

Feisty is not vulnerable as the script was removed again in blender 2.43.
According to http://lists.alioth.debian.org/pipermail/pkg-blender-maintainers/2007-March/000191.html the script was introduced in blender 2.42 (I've also check blender in dapper and breezy and couldn't find such a named file).

Debian removed this file in the uploads to unstable and testing as fix. See
http://packages.qa.debian.org/b/blender/news/20070328T104704Z.html
http://packages.qa.debian.org/b/blender/news/20070327T220204Z.html
http://lists.alioth.debian.org/pipermail/pkg-blender-maintainers/2007-March/000189.html

As blender 2.42 is not part of Debian stable, they don't need to fix it there.

Kees Cook (kees) wrote :

Great! Thanks for the additional notes. I've got this uploaded to the security buildds, and I'll publish it as soon as it finished building there.

Kees Cook (kees) wrote :

This should appear on the archives shortly. Thanks again!

Changed in blender:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers